Manus, an AI company Meta acquired for $2 billion last year is running ads promising quick, easy money with AI: Find local businesses without websites or with bad websites, have AI build them one, then call them up and sell it to them.

As part of the campaign, Manus was paying content creators to build out Instagram, YouTube, and TikTok accounts that promote its AI product as an easy, lucrative gig. (The creators’ TikTok accounts were taken down after The Verge inquired about them.) Some of these videos would also appear as official ads for Manus, but the posts on the paid creator accounts themselves often obscured their ties to the company.

The ads were not subtle. Posted by an account called “Manus AI by Meta,” one video presented Manus’ AI agent as an “Easy side hustle” that “absolutely anybody can do” — one that supposedly “takes less than 10 minutes” and can bring in a “potential $5k a month.” The young person in the video says, “There is literally no limit.” Except, I guess, the number of businesses willing to buy an AI-generated website from a stranger on the internet. 

The ad did not tag the creator featured in it, but their TikTok account, which has since been removed, was filled almost entirely with Manus content. Their Instagram account, which is still live, is nearly identical. Neither disclosed any connection to Manus in its bio or posts. 

Across TikTok and Instagram, I found a network of other accounts posting near-identical Manus content, much of it hyping the website scheme, but also selling vibe-coded apps. The accounts were strikingly similar. They looked the same, used the same language, and promised the same thing: “The art of Manus” with a close-up of their face, “my websites don’t look vibe-coded anymore,” “don’t get a part-time job,” and a “making [thousands of dollars] without talking challenge” as the creators put tape over their mouths. Most accounts were only a few months old, had only ever posted about Manus, and appeared to be run by creators in their late teens or early 20s. The majority of posts had no noticeable engagement, though some were viral hits with tens of thousands of likes, comments, and shares.

Some accounts vaguely referenced to “building with Manus” in their bio, or something similar. A few listed what appeared to be real names, and those led to LinkedIn profiles identifying them as contractors producing content for Manus. There was also a person whose LinkedIn profile said that Manus hired them in January as a contract “viral growth expert” to “lead a team of 10–20 content creators,” enforce “strict brand guidelines and quality benchmarks,” guide creators on persona-specific content, and run coaching sessions training creators on how to go viral. The person did not respond to a request for comment. Manus spokesperson Ronghui Li confirmed the company “works with third-party agency partners on paid UGC creator programs across platforms including TikTok, Instagram, and YouTube” and said the individuals and accounts I referenced were real “external partners involved in this program.”

Manus declined to answer questions on Meta’s role in the program, including whether the parent company was aware of it or whether it complied with Meta’s own policies. Asked about disclosure and advertising rules, Li said that Manus occasionally licensed some of their creator videos as formal ads on the platforms, where they were posted with the usual advertisement labeling. However, Li claimed responsibility for disclosure on creators’ posts lay with the creators themselves and that Manus is now reviewing the specific accounts and posts in question.

Asked why Manus was promoting the tool as an “easy side hustle,” Li said the company does “not endorse exaggerated or misleading earnings claims” and was reviewing the content I flagged. Li did not say whether that review is of the program as a whole. Li also did not answer my specific question about what evidence, if any, Manus had to support the earnings claims made in the videos. 

Meta, YouTube, and TikTok all unambiguously require creators to clearly disclose paid promotions. Multiple legal and advertising experts I spoke to said the undisclosed relationships don’t just run afoul of major platforms’ advertising policies; in multiple jurisdictions, they probably break the law. Sonal Patel Oliva, an advertising lawyer at Fieldfisher, said British regulators “take a firm position on undisclosed commercial relationships in influencer marketing,” requiring incentivized content to be clearly labeled as an ad. Alexandros Antoniou, a law professor at the University of Essex in England, echoed this, saying that vague brand-adjacent language “won’t cut it” as a disclosure.

Meta did not respond to multiple requests for comment asking whether it was aware of the program and whether the campaign complied with its advertising policies. TikTok declined to speak on the record, but since I reached out, most of the Manus hype videos appear to have been removed, and many of the accounts that posted them seem to have been banned. YouTube did not respond to a request for comment. 

Antoniou added that earnings claims are “riskier” than disclosure omissions, given tight rules on misleading consumers in the UK. The experts agreed that the same broad principles apply elsewhere too, including in the EU and US.  

Meta owned Manus throughout the campaign described here and had reportedly already begun integrating the startup and its systems. It now faces the prospect of having to unwind the deal after Chinese regulators blocked it, even as the company insists it complied with relevant laws and says, without elaborating, that it expects to reach a resolution with Beijing.

Anthropic’s tightly controlled rollout of Claude Mythos has taken an awkward turn. After spending weeks insisting the AI model is so capable at cybersecurity that it is too dangerous to release publicly, it appears the model fell into the wrong hands anyway. 

According to Bloomberg, a “small group of unauthorized users” has had access to Mythos — whose existence was first revealed in a leak — since the day Anthropic announced plans to offer it to a select group of companies for testing. Anthropic says it is investigating. That’s a rough look for a company that has built its brand on taking AI safety seriously while touting the cybersecurity prowess of its latest model.

From a technological standpoint, the Mythos breach is embarrassingly unsophisticated. Bloomberg reports the group accessed Mythos by making “an educated guess about the model’s online location,” using information about Anthropic’s other models exposed in the breach of Mercor — a company that makes AI training data — along with access one member had through contract work evaluating Anthropic models. The group got unauthorized access to Mythos through a combination of insider knowledge and a lucky guess, not some sophisticated technological exploit or wholesale theft of the model. 

Security vulnerabilities are inevitable, and it was Mercor, not Anthropic, that revealed the information the hackers used to guess Mythos’ location. Pia Hüsch, a research fellow at the British think tank Royal United Services Institute (RUSI), told me that no company is ever completely secure and humans are often the weakest link, though it “does initially seem a bit lucky” that there were no serious consequences. 

But it’s not entirely bad luck. These kinds of educated guesses are a very standard hacking technique, and the Mercor breach was already known before Mythos’ release. Security researcher Lukasz Olejnik described it to me as an “entirely imaginable” kind of failure that the cybersecurity industry has been routinely dealing with for the last 20 years. So Anthropic should have anticipated it and should have prepared accordingly, particularly knowing that its information had been compromised. 

Anthropic also appears to have had the means to spot the breach. The company is able to “log and track model use,” Olejnik said, which should make it possible to stop unauthorized or malicious access, especially since the Mythos rollout was supposed to be highly limited. Evidently, Anthropic wasn’t monitoring closely enough — and given how dangerous it says the model is, it’s reasonable to ask why.

By Bloomberg’s account, the group was not using Mythos for cybersecurity tasks, partly because they just wanted to mess around with the new model and partly because doing so could have tipped Anthropic off. If Anthropic’s messaging surrounding Mythos is to be taken seriously, that is a lucky break. The company has framed Mythos as a “watershed moment for security,” claiming it found vulnerabilities in “​​every major operating system and web browser,” and said its release must be coordinated to allow time to “reinforce the world’s cyber defenses.” 

Anthropic has a habit of using dramatic, alarming-sounding language that can be tough to interrogate cleanly, including flirting with the idea that its Claude model might be conscious. Even so, early reports from parties with access suggest Mythos is particularly adept in cybersecurity. Mozilla CTO Bobby Holley said it found hundreds of bugs in Firefox 150 and may finally give defenders a chance at complete victory over attackers. Unsurprisingly, governments and financial institutions around the world have been eager to get their hands on it. The NSA and other US agencies reportedly have access despite Anthropic’s designation as a supply chain risk, though the rollout appears to have bypassed the US cybersecurity agency, CISA, so far.

The fact that the breach was uncovered by a reporter rather than Anthropic also raises the obvious question of whether it is an isolated incident. It “really illustrates how wide the circle of people who may be able to do this is, even if they don’t have super technically sophisticated means,” Hüsch said. Anthropic will likely comb through its supply chain to see how this happened and plug gaps, but she said there is a wide range of actors who would want access to a model like this, some of them with a great deal of money behind them. There is no reason to assume anyone else who gained access would be as restrained as the group Bloomberg reported on.

Anthropic has, to some extent, shot itself in its own foot. The company has built its identity around taking AI safety more seriously than its rivals, creating sky-high expectations for model security that jar with its apparent carelessness; the fact that Mythos was exposed through such a basic and predictable failure only underscores that. Worse still, by hyping Mythos as an unusually powerful tool too dangerous for public release, Anthropic turned it into an obvious target, whether for malicious actors or hackers simply looking for a challenge. 

This isn’t even the first awkward security incident around Mythos. The model’s existence was accidentally revealed before release through an “unsecured data trove” on a central system containing content for its website. Now, that model has been secretly accessed via a wholly predictable vulnerability Anthropic didn’t think to patch. Perfection is impossible, but for a company that has anointed itself the vanguard of AI safety, such a basic misstep is hard to justify, even with some of the bad luck it’s had.

To Hüsch, the whole episode can be summed up in one word: humiliation. “Anthropic claims to be at the absolute forefront of all these technologies, but also positions itself as the responsible actor in all of this,” she said. “The fact that this has now been accessed through unauthorized means so quickly, and through such an unsophisticated attempt, is really a humiliation for them.”

Apple quietly threatened to kick Elon Musk’s AI app, Grok, from its App Store in January over its failure to curb the surge of nonconsensual sexual deepfakes flooding X, according to NBC News. It was a muted show of force from one of tech’s most powerful gatekeepers, made behind closed doors even as the undressing crisis unfolded in full public view and criticism over Apple’s cowardice mounted.

In a letter obtained by NBC News, Apple told US senators it “contacted the teams behind both X and Grok after it received complaints and saw news coverage of the scandal” and demanded that the developers “create a plan to improve content moderation.” At the time, xAI’s chatbot Grok was freely accessible on X and as a standalone app, with flimsy safeguards that allowed users to easily generate and share sexualized deepfakes and “undress” images of real people, disproportionately women and some of them apparently minors. 

As we reported at the time, these were flagrant and unambiguous violations of App Store guidelines it often applies with an iron fist. Apple, which profits from having apps like X and Grok on its digital store, has not spoken publicly about the issue or its behind-the-scenes intervention. Google, through its Google Play app store, profits similarly and has also not commented publicly on the matter.  

Apple said it reviewed proposed changes to the X and Grok apps. While the company concluded X had “substantially resolved its violations,” Grok “remained out of compliance.” Apple said it warned the developer that “additional changes to remedy the violation would be required, or the app could be removed from the App Store.” Only after further back-and-forth did Apple determine Grok had “substantially improved” and approved its submission. 

Throughout this covert back-and-forth, Grok and X appear to have remained live on the App Store, a drawn-out process that may help explain the confusing, haphazard rollout of moderation changes announced in real time. This included limiting Grok on X to paying subscribers and attempting to stop Grok from undressing women. Our investigations revealed that neither were particularly effective beyond making the tool a bit harder to access. Later interventions, like X letting users block Grok from editing their photos, are also easily circumvented.

Despite Apple’s approval and xAI’s claims it has tightened safeguards, Grok still appears to be able to generate sexualized deepfakes with relative ease. Cybersecurity sources told me they have been able to create explicit images of celebrities and political figures using the tool, and I have been able to produce similar images of myself and other consenting adults. NBC also reported similar findings yesterday.